In February 2015, The Daily Beast published an insightful article about cyber war activity between Russia and Ukraine. The article profiled Eugene Dokunin, a Ukrainian web security consultant who gave up his day job to launch cyber-attacks against Russian targets. He works with a team of volunteers and performs an innumerable amount of combative actions, from financial account takeovers to hacking into CCTV systems in order to report on troop activity.

The article was somewhat vague about who he works with and whether or not he receives direct support from (or directly supports) either the Ukrainian government or anti-Russian irregular forces. This ambiguity was likely intentional for personal security reasons, as Dokunin does little to conceal his goals and objectives, and so must keep some secrets for his own safety.

It’s difficult to find reputable examples of cyber war using a rigorous standard definition, but the Daily Beast profile and other media reports indicate that we are witnessing one right now.

The concept of “cyber war” is often used - and misused - in the media, by both politicians and the public at large. A “cyber war,” as an actual event, has a clear and concise definition, and the bar is set high as to what actually constitutes one. There must be deliberate and apparent actions taken in cyberspace and approved by a military commander to further battlefield objectives, while also allowing friendly forces to maneuver.

Stuxnet, Operation Aurora, and the Sony Pictures Entertainment incidents are all examples of cyber-attacks that, at one point, were declared maneuvers of cyber war. Despite the gravity of these episodes, the definitive terminology regarding what constitutes “war,” cyber or otherwise, leaves very few cyber-attacks (including those just mentioned) able to fit the proper characterization.

We do, however, have one example out of a handful of candidates, and it’s continuing to unfold daily. The ongoing War in Ukraine, also known as the War in Donbass, meets the standard of cyber warfare. The mainly kinetic (military speak for physical, lethal action) conflict also includes persistent cyber-attacks from both sides of the conflict, and meets the generally accepted standard for the following reasons:

The cyber warfare component is overt, meaning the perpetrators make little effort to hide either their identities or their allegiances.

The two countries are in open, hostile and declared conflict with each other.

Both sides have stated military and political objectives.

Cyber-attacks are launched to deny the enemy from achieving their objectives, while allowing friendly forces to reach theirs.

Background

"Map of the war in Donbass" by Marktaff, ZomBear (CC BY-SA 4.0)

This conflict is a complex political situation that has tensions dating back several hundred years, but the current crisis began in March 2014 when Russia annexed the Ukrainian territory of Crimea. This took place during a period of civic unrest within Ukraine, during which pro-Russian demonstrations had been turning up across the country for several months. Pro-Russian forces, with the help of Russian military intervention, escalated the situation to an armed conflict in the Donbass region that continues to this day. Involved in the rivalry are Russian regular forces, pro-Russian militants in Ukraine, paramilitary forces, and volunteer militia on both sides, among many others.

In the opening days of the conflict, pro-Russian hackers disrupted Ukrainian media and telecommunications networks. This hindered the ability of Ukrainian government officials to get the word out to their constituents about what was going on, and presumably hampered the ability to mobilize counter-forces.

In response, pro-Ukrainian forces have used the same tactics and have fought back with DDoS (distributed denial-of-service) attacks, website defacements, hacks of government computers, and cyber espionage.

On their own, these cyber-attacks would not be considered cyber warfare. However, since they occur in conjunction with military attacks and operations, and are used to provide intelligence to military forces, these attacks meet the standard definition. For both security professionals and business leaders, this is an important story to follow, as it may provide clues and a backdrop for how cyber conflict and cyber warfare might play out in a worldwide arena as part of a larger rivalry.

The cyber battle between Russia and Ukraine also shows how effective insurgent forces are fighting an asymmetric war against larger forces. This dynamic can be found in nearly every modern conflict, from partisan forces fighting the Nazis in WWII to insurgents fighting the Americans in Iraq; asymmetric warfare is very effective and should be considered in any firm’s risk modeling if it provides critical services or infrastructure support.

Characteristics

On both sides, the actors are mostly overt, meaning they do little to hide who they are or whether objectives may be. Contrast this with the perpetrators of the Sony Pictures hack; attribution is suspected but not fully disclosed.

In the opening days of a kinetic military operation, cyber-attacks are launched on telecommunications infrastructures. Collateral damage occurs within civilian infrastructure, with the primary targets being government and military communications.

A highly motivated, moderately skilled small insurgent hacking group can significantly hamper the military objectives of the opposing force.

DDoS attacks are the cheapest and easiest way to attack a marked target, but effects are temporary and generally do not contribute to larger military objectives. They can also be useful for propaganda or disinformation purposes.

Doxing opposition commanders, financial account takeovers, and espionage can be remarkably effective, especially if coordinated with the actions of friendly forces.

Examples

Not every cyber-attack listed below fits the standard of “cyber warfare,” but taken together as a whole, they help build a more complete picture of the political and economic uncertainty in the Ukrainian region.

Although this particular bout of Russian-Ukrainian contention is fairly young, it is still an interesting case study in how cyber-attacks can be used in a prolonged conflict or insurgency situation. Whether viewing this situation from the perspective of a military or a private business, one can study and learn from these ongoing virtual barrages how to defend against (and perpetrate) hacks from oppositional forces. Further study and retrospection may aid in gauging the effectiveness of cyber-attacks and understanding how they contribute to the overall objectives of both the military and private security firms.

This article is published as part of the IDG Contributor Network. Want to Join?

Tony Martin-Vegue works for a San Francisco Bay Area-based financial institution, leading the firm’s security risk management program. His enterprise risk and security analyses are informed by his 20 years of technical expertise in areas such as network operations, cryptography and vulnerability research. He is also a security blogger and host of the Standard Deviant Security Podcast. Tony holds a Bachelor of Science in Business Economics from the University of San Francisco and holds many certifications including CISSP, CISM and CEH. He can be found on the web at www.thestandarddeviant.com and on Twitter @tdmv.